#7742 closed Patch (fixed)
FTPES handshake fails with GnuTLS 3
| Reported by: | Sid | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | FileZilla Client |
| Keywords: | Cc: | ||
| Component version: | Operating system type: | Linux | |
| Operating system version: | Archlinux |
Description
When using GnuTLS 2.12.7 FileZilla could successfully connect using FTPES, however after upgrading to GnuTLS 3 (and compiling FileZilla against it) when trying to connect I get the following error:
Status: Resolving address of <redacted> Status: Connecting to <redacted>:21... Status: Connection established, waiting for welcome message... Trace: CFtpControlSocket::OnReceive() Response: 220 (vsFTPd 2.3.4) Trace: CFtpControlSocket::SendNextCommand() Command: AUTH TLS Trace: CFtpControlSocket::OnReceive() Response: 234 Proceed with negotiation. Status: Initializing TLS... Trace: CTlsSocket::Handshake() Trace: CTlsSocket::ContinueHandshake() Trace: CTlsSocket::ContinueHandshake() Trace: GnuTLS alert 40: Handshake failed Error: GnuTLS error -12: A TLS fatal alert has been received. Trace: CRealControlSocket::OnClose(103) Trace: CFtpControlSocket::ResetOperation(66) Trace: CControlSocket::ResetOperation(66) Error: Could not connect to server Status: Waiting to retry... Status: Resolving address of apiratelifeforme.com Status: Connecting to <redacted>:21... Status: Connection established, waiting for welcome message... Trace: CFtpControlSocket::OnReceive() Response: 220 (vsFTPd 2.3.4) Trace: CFtpControlSocket::SendNextCommand() Command: AUTH TLS Trace: CFtpControlSocket::OnReceive() Response: 234 Proceed with negotiation. Status: Initializing TLS... Trace: CTlsSocket::Handshake() Trace: CTlsSocket::ContinueHandshake() Trace: CTlsSocket::ContinueHandshake() Trace: GnuTLS alert 40: Handshake failed Error: GnuTLS error -12: A TLS fatal alert has been received. Trace: CRealControlSocket::OnClose(103) Trace: CFtpControlSocket::ResetOperation(66) Trace: CControlSocket::ResetOperation(66) Error: Could not connect to server
I can successfully connect with FileZilla from Windows and from Linux if I downgrade GnuTLS, so the server works just fine.
Attachments (1)
Change History (6)
comment:1 by , 13 years ago
comment:2 by , 13 years ago
I feel dernik's comment, while useful, is slightly misleading. This is not a regression that is fixed by reverting to FileZilla 3.5.0. Rather in archlinux the migration to gnutls 3 coincided with FileZilla 3.5.1 being released, as such 3.5.1 was compiled against gnutls 3 while 3.5.0 was compiled against gnutls 2.12.6. That explains why he's downgrading both of them to get it working again.
I've seen other tickets where a developer asked for server access to fix issues. I can set up a test server mirroring my set-up if needed.
by , 13 years ago
Patch to fix the issue. The SECURE256 ciphersuites requested by filezilla do not have common ciphersuites with the common servers (SECURE256 got more strict in gnutls3).
comment:3 by , 13 years ago
I can confirm this patch fixes the problem. Should I change the status of this ticket or is that for the devs to do?
Thanks
comment:4 by , 13 years ago
| Type: | Bug report → Patch |
|---|
comment:5 by , 12 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Thanks, a slightly different change has been applied to the repository.
Confirm tha same error for me under Arch Linux
It works when downgraded and tested for arch linux x86_64 and i686, the same error
filezilla (3.5.1-1 => 3.5.0-1)
gnutls (3.0.2-1 => 2.12.6.1-1)